Password reset emails have one job: get the user to the reset screen. Not later. Not “after they read your brand story.”
If you're seeing low click-through or support tickets like “I never got the reset email,” your subject line is often part of the problem. Transactional emails still compete with promotions, security alerts, and inbox fatigue.
What makes a good password reset subject line
- Clarity: the user instantly understands what the email is for
- Trust: it looks like it came from the product they use (not a random marketer)
- Intent match: it acknowledges that the user (or someone) requested this
- Low spam vibes: no hype, no urgency theater, no punctuation abuse
Most teams overthink “conversion.” For password resets, conversion is mostly about removing doubt.
The safe default (use this if you're unsure)
If you want one subject line that works across most products and inbox providers, use:
Pair it with a clear preheader like: “Use this link within 15 minutes.” (Preheader matters more than people admit.)
25 subject lines you can copy/paste
Pick one based on your tone and risk tolerance. If you operate in a regulated space (fintech/health), stick to the boring ones.
Straight + literal
- Reset your password
- Password reset request
- Here's your password reset link
- Reset link for your account
- Change your password
- Password reset instructions
- Your password reset
Requested / initiated language (reduces “is this phishing?”)
- You requested a password reset
- We received a request to reset your password
- Password reset requested for your account
- Reset your password (requested)
- Password reset: request received
- Your password reset request
Time window / expiration (use carefully)
- Reset your password (link expires soon)
- Your reset link expires in 15 minutes
- Password reset link (expires in 30 minutes)
- Reset your password today
Security-leaning (good for trust, bad if too scary)
- Security: password reset request
- Account security: reset your password
- Confirm your password reset
- Password reset verification
Brand in the subject (helps recognition at the cost of length)
- Reset your <Product> password
- <Product>: password reset link
- <Product> password reset request
- <Product> account: reset your password
Common mistakes (and what to do instead)
- Over-urgency: “URGENT!!!” → Use a calm expiration note in the preheader/body.
- Marketing language: “Don't miss out” → Use literal intent language.
- Ambiguity: “Your account” → Name the action: “Reset your password.”
- Fear copy: “Someone is trying to hack you” → Only use this for real security alerts (not resets).
- Too long: brand + fluff + punctuation → keep it under ~45 characters when possible.
Subject vs preheader: split the job
A good pattern is:
- Subject = what this is (reset your password)
- Preheader = what to do / how long you have (click the link within 15 minutes)
If you cram both into the subject, you usually end up with a long, truncation-prone line that looks suspicious on mobile.
A quick deliverability note (don't sabotage the inbox)
Subject lines don't “fix deliverability,” but they can trigger spam heuristics when combined with other bad signals.
- Don't use ALL CAPS or repeated punctuation
- Don't include emojis in security/credential flows
- Keep links minimal (ideally a single CTA)
- Use a stable
Fromname/address the user recognizes
How to choose (fast)
Use this decision tree:
- If you're early-stage or unsure → “Reset your password”
- If you have phishing concerns → add “requested” language
- If you have an expiry window → put it in preheader, not subject
- If you have multiple products/brands → add product name to subject
Mini template you can ship today
Copy this structure and adapt the placeholders:
- Subject: Reset your <Product> password
- Preheader: This link expires in 15 minutes.
- Body headline: Reset your password
- Primary CTA button: Reset password
- Secondary line: “If you didn't request this, you can ignore this email.”
Boring, clear, trustworthy. That's the point.